| Summary: | flash-player-plugin security update 11.2.202.637 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Zombie Ryushu <zombie_ryushu> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, anssi.hannula, lewyssmith, sysadmin-bugs, tarazed25 |
| Version: | 5 | Keywords: | Security, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://helpx.adobe.com/security/products/flash-player/apsb16-32.html | ||
| Whiteboard: | MGA5-64-OK MGA5-32-OK advisory | ||
| Source RPM: | flash-player-plugin | CVE: | CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992 |
| Status comment: | |||
|
Description
Zombie Ryushu
2016-10-13 18:30:52 CEST
Zombie Ryushu
2016-10-13 18:45:43 CEST
URL:
(none) =>
http://www.linuxsecurity.com/content/view/168645/
David Walser
2016-10-13 19:54:55 CEST
Assignee:
bugsquad =>
anssi.hannula Advisory: ============ Adobe Flash Player 11.2.202.637 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution (CVE-2016-6992). This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-6981, CVE-2016-6987). This update resolves a security bypass vulnerability (CVE-2016-4286). This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, CVE-2016-6990). References: https://helpx.adobe.com/security/products/flash-player/apsb16-32.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4273 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6982 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6983 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6984 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6985 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6986 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6987 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6989 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6990 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6992 ============ Updated Flash Player packages have been submitted to mga5 nonfree/updates_testing. Source packages: flash-player-plugin-11.2.202.637-1.mga5.nonfree Binary packages: flash-player-plugin flash-player-plugin-kde Keywords:
(none) =>
Security Testing M5-64 real hardware: flash-player-plugin-11.2.202.637-1.mga5.nonfree Simply watched a few video clips on the BBC site, with sound, mini & fullscreen. No problem noted (except that sound is chronically weak on my system). OK for me, but needs wider confirmation. CC:
(none) =>
lewyssmith Tested on x86_64 real hardware. Watched a few videos online; BBC, OK!, Youtube, Vevo. Sound and vision working perfectly. Vevo subtitles/OSD worked. CC:
(none) =>
tarazed25 Tested on 32-bit real hardware. Watched local TV weather forecast, which is only available with Flash. Everything looked good. CC:
(none) =>
andrewsfarm OK'd for 64 & 32 bit. Validated the updated. Advisory uploaded. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0346.html Status:
ASSIGNED =>
RESOLVED |